package com.gln.bloger.action;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
import org.apache.struts.validator.DynaValidatorForm;

import com.gln.bloger.constant.Constant;
import com.gln.bloger.pojos.User;
import com.gln.bloger.pojos.Website;
import com.gln.bloger.util.StringUtil;

public class VerifyAction extends BaseAction {

	/**
	 * get web site info if one's been selected
	 */
	public ActionForward execute(ActionMapping mapping, ActionForm form,
			HttpServletRequest request, HttpServletResponse response)
			throws Exception {
		String handle = request.getParameter("handle");
		Website website = getAuthWebsite(request);
		if (StringUtil.isBlank(handle)) {
			request.getSession().removeAttribute(Constant.AUTH_WEBSITE);
		} else if (!StringUtil.isBlank(handle) && website == null) {
			// has select a web site
			website = getWebsiteService().getWebsite(handle);
			request.getSession().setAttribute(Constant.AUTH_WEBSITE, website);
		}

		return super.execute(mapping, form, request, response);
	}

	/**
	 * authenticate
	 * 
	 * @param mapping
	 * @param form
	 * @param request
	 * @param response
	 * @return
	 * @throws Exception
	 */
	public ActionForward authenticate(ActionMapping mapping, ActionForm form,
			HttpServletRequest request, HttpServletResponse response)
			throws Exception {
		DynaValidatorForm loginForm = (DynaValidatorForm) form;
		ActionMessages errors = loginForm.validate(mapping, request);

		/**
		 * if there's user and web site in session and user is owner of this web
		 * site then forward to administrator index page
		 */
		User sessionUser = getAuthUser(request);
		Website sessionWebsite = getAuthWebsite(request);
		if (sessionWebsite != null && sessionUser != null
				&& sessionUser.isOwner(sessionWebsite)) {
			return mapping.findForward("adminIndex");
		}

		String email = loginForm.getString("email");
		String password = loginForm.getString("password");
		String checkCode = loginForm.getString("code");
		String sessionIdentifyingCode = (String) request.getSession()
				.getAttribute(Constant.IDENTIFYING_CODE_SESSION_NAME);
		// identify code mismatch
		if (!checkCode.equalsIgnoreCase(sessionIdentifyingCode)) {
			errors.add("errors", new ActionMessage(
					"errors.mismatch.identifyCode"));
			saveErrors(request, errors);
			request.setAttribute("email", email);
			return mapping.findForward("login");
		}

		User user = getUserService().getUser(email);
		if (user != null && user.getPassword().equals(password)) {
			Website website = getAuthWebsite(request);
			request.getSession().setAttribute(Constant.AUTH_USER, user);
			/**
			 * has select a web site
			 */
			if (website != null) {
				if (!user.isOwner(website)) {
					// if she/he is not the owner of this web site

					this.clearCache();
					errors.add("error",
							new ActionMessage("errors.no.authority"));
					saveErrors(request, errors);
					request.setAttribute("email", email);
					return mapping.findForward("login");
				}
				return mapping.findForward("adminIndex");
			} else {
				// hasn't choose a blogger
				return mapping.findForward("chooseBlogger");
			}
		} else {
			errors.add("errors", new ActionMessage(
					"errors.mismatch.email.password"));
			saveErrors(request, errors);
			request.setAttribute("email", email);
			return mapping.findForward("login");
		}
	}

	/**
	 * forward to login page
	 * 
	 * @param mapping
	 * @param form
	 * @param request
	 * @param response
	 * @return
	 * @throws Exception
	 */
	public ActionForward input(ActionMapping mapping, ActionForm form,
			HttpServletRequest request, HttpServletResponse response)
			throws Exception {
		return mapping.findForward("login");
	}

	/**
	 * log out
	 * 
	 * @param mapping
	 * @param form
	 * @param request
	 * @param response
	 * @return
	 * @throws Exception
	 */
	public ActionForward logout(ActionMapping mapping, ActionForm form,
			HttpServletRequest request, HttpServletResponse response)
			throws Exception {
		request.getSession().removeAttribute(Constant.AUTH_USER);
		return new ActionForward("/entry.do?method=list&amp;handle="
				+ getAuthWebsite(request).getHandle());
	}
}
